##// END OF EJS Templates
feat: security-related code removed to be moved to EE
andverb -
r5525:5c137dd8 default
parent child Browse files
Show More
@@ -17,13 +17,8 b''
17 17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18 18
19 19 import logging
20 import formencode
21 20
22 from rhodecode import BACKENDS
23 21 from rhodecode.apps._base import BaseAppView
24 from rhodecode.model.meta import Session
25 from rhodecode.model.settings import SettingsModel
26 from rhodecode.model.forms import WhitelistedVcsClientsForm
27 22 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
28 23
29 24 log = logging.getLogger(__name__)
@@ -42,31 +37,10 b' class AdminSecurityView(BaseAppView):'
42 37 c.active = 'security'
43 38 return self._get_template_context(c)
44 39
40
45 41 @LoginRequired()
46 42 @HasPermissionAllDecorator('hg.admin')
47 def vcs_whitelisted_client_versions_edit(self):
48 _ = self.request.translate
43 def admin_security_modify_allowed_vcs_client_versions(self):
49 44 c = self.load_default_context()
50 render_ctx = {}
51 settings = SettingsModel()
52 form = WhitelistedVcsClientsForm(_, )()
53 if self.request.method == 'POST':
54 try:
55 result = form.to_python(self.request.POST)
56 for k, v in result.items():
57 if v:
58 setting = settings.create_or_update_setting(name=f'{k}_allowed_clients', val=v)
59 Session().add(setting)
60 Session().commit()
61
62 except formencode.Invalid as errors:
63 render_ctx.update({
64 'errors': errors.error_dict
65 })
66 for key in BACKENDS.keys():
67 verbose_name = f"initial_{key}"
68 if existing := settings.get_setting_by_name(name=f'{key}_allowed_clients'):
69 render_ctx[verbose_name] = existing.app_settings_value
70 else:
71 render_ctx[verbose_name] = '*'
72 return self._get_template_context(c, **render_ctx)
45 c.active = 'security'
46 return self._get_template_context(c)
@@ -38,42 +38,13 b''
38 38 <h3 class="panel-title">${_('Allowed client versions')}</h3>
39 39 </div>
40 40 <div class="panel-body">
41 %if c.rhodecode_edition_id != 'EE':
42 41 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
43 42 <p>
44 43 ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')}
45 44 </p>
46 %else:
47 <div class="inner form" id="container">
48 </div>
49 %endif
50 45 </div>
51 46
47
52 48 </div>
53 49
54 <script>
55 $(document).ready(function() {
56 $.ajax({
57 url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'),
58 type: 'GET',
59 success: function(response) {
60 $('#container').html(response);
61 },
62 });
63 $(document).on('submit', '#allowed_clients_form', function(event) {
64 event.preventDefault();
65 var formData = $(this).serialize();
66
67 $.ajax({
68 url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'),
69 type: 'POST',
70 data: formData,
71 success: function(response) {
72 $('#container').html(response);
73 },
74 });
75 });
76 });
77 </script>
78
79 50 </%def>
1 NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now